| View previous topic :: View next topic |
| Author |
Message |
gcrew
Tux's lil' helper
Joined: 22 Feb 2005
Posts: 82
Location: Poughkeepsie, NY
|
 Posted: Sun Feb 27, 2005 6:38 pm Post subject: Samba and Unix Password Sync [solved] |
 |
|
Has anyone successfully used Unix Password Sync in Samba?
I uncommented the "unix password sync = Yes" and "pam password change = yes" lines in smb.conf.
passwd seems to change my system password, but not my samba password.
smbpasswd changes my samba password, but not my system password.
Thanks.
Geoff
Last edited by gcrew on Thu Mar 03, 2005 3:56 am; edited 1 time in total |
|
| Back to top |
|
 |
Will Scarlet
Apprentice
Joined: 19 Mar 2004
Posts: 239
|
| Posted: Mon Feb 28, 2005 6:18 pm Post subject: |
|
|
From the man page of smb.conf for unix password sync:
| Quote: | unix password sync (G)
This boolean parameter controls whether Samba attempts to synchronize the UNIX password with the SMB password when the encrypted SMB password in the smbpasswd file is changed. If this is set to yes the program specified in the passwd programparameter is called AS ROOT - to allow the new UNIX password to be set without access to the old UNIX password (as the SMB password change code has no access to the old password cleartext, only the new).
Default: unix password sync = no |
| Quote: | passwd program (G)
The name of a program that can be used to set UNIX user passwords. Any occurrences of %u will be replaced with the user name. The user name is checked for existence before calling the password changing program.
Also note that many passwd programs insist in reasonable passwords, such as a minimum length, or the inclusion of mixed case chars and digits. This can pose a problem as some clients (such as Windows for Workgroups) uppercase the password before sending it.
Note that if the unix password sync parameter is set to yes then this program is called AS ROOT before the SMB password in the smbpasswd file is changed. If this UNIX password change fails, then smbd will fail to change the SMB password also (this is by design).
If the unix password sync parameter is set this parameter MUST USE ABSOLUTE PATHS for ALL programs called, and must be examined for security implications. Note that by default unix password sync is set to no.
Default: passwd program =
Example: passwd program = /bin/passwd %u |
So it appears that you were on the right rode, you just needed a little more information. Also you assumption of when you change your Unix password that it will change your smb password is incorrect it only works the other way.
Hope this helps... |
|
| Back to top |
|
|
gcrew
Tux's lil' helper
Joined: 22 Feb 2005
Posts: 82
Location: Poughkeepsie, NY
|
| Posted: Mon Feb 28, 2005 9:54 pm Post subject: |
|
|
I think I've solved my problem.
The solution came partially from the following link:
http://www.oreilly.com/catalog/samba/chapter/book/ch06_04.html
Firstly, my passwd program path incorrectly was /usr/bin/passwd so I changed it to:
| Code: | | passwd program = /bin/passwd %u |
Also my passwd chat format was wrong:
Didn't work:
| Code: | passwd chat = *New*UNIX*password* %n\n *Re*ype*new*UNIX*password* %n\n \
*passwd:*all*authentication*tokens*updated*successfully* |
Works:
| Code: | passwd chat = *New*UNIX*password* %n\n *Re*ype*new*UNIX*password* %n\n \
*passwd:*password*updated*successfully* |
The chat needs to be the exact output of passwd. I'm surprised the default values aren't closer to the real values I needed. Anyway, now it works. smbpasswd changes both smb and system password. passwd changes just system.
Geoff |
|
| Back to top |
|
|
Atomikramp
Apprentice
Joined: 27 Sep 2004
Posts: 200
|
| Posted: Fri Mar 11, 2005 2:27 pm Post subject: |
|
|
i have the same problem, i tried to fix it the same way u did but it still doesn't work...
o well...
whenever from a windows client i try to change a samba user password the system password is changed, a permission rror is returned from the win workstation and the samba password doesn't change at all....
any suggestion??
thnx very much |
|
| Back to top |
|
|
|
Networking & Security
